jclouds-notifications mailing list archives

From "Olaf Flebbe (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCLOUDS-1166) Remove uses of the 'com.google.gson.internal' package
Date Thu, 16 May 2019 19:53:00 GMT

    [ https://issues.apache.org/jira/browse/JCLOUDS-1166?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16841681#comment-16841681 ]

Olaf Flebbe commented on JCLOUDS-1166:

My requirements are actually to use jclouds from Spring Boot, seamlessly. I do not care about
OSGI at all. 

This was my first dive into jclouds code: Seems not KISS to me: Do we really need to automagically
instantiate arbitrary objects with non-default constructors based on the Injection annotations
while deserializing? I might have missed the whole point.

Surely it was an intellectual challenge, but ...
Second: I am asking myself if this doesn't yield to hidden security issues, since it might
be possible to run arbitrary code. 

As a workaround: Did the author / the project consider donating the code to the gson project,
or is this not an option?

I would vote for a quick resolution: Ignore the OSGI problem for now. 

> Remove uses of the 'com.google.gson.internal' package
> -----------------------------------------------------
>                 Key: JCLOUDS-1166
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1166
>             Project: jclouds
>          Issue Type: Bug
>          Components: jclouds-chef, jclouds-core
>    Affects Versions: 1.9.2
>            Reporter: Ignasi Barrera
>            Priority: Major
>              Labels: gson
> Starting from Gson 2.6, the {{com.google.gson.internal}} packages are no longer exported
> in the OSGi bundles. This makes it impossible to use jclouds in an OSGi environment if upgrading
> to such versions of Gson.
> There is no change to add the exports back for that package (see [this discussion|https://github.com/google/gson/pull/916]),
> so we should stop using those classes.
> See also: http://markmail.org/message/olgebygfgdy3hwtm

This message was sent by Atlassian JIRA
